ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 12 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 12
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company wants to use a third-party software-as-a-service (SaaS) application. The third-party SaaS application is consumed through several API calls. The third-party SaaS application also runs on AWS inside a VPC.
The company will consume the third-party SaaS application from inside a VPC. The company has internal security policies that mandate the use of private connectivity that does not traverse the internet. No resources that run in the company VPC are allowed to be accessed from outside the company’s VPC. All permissions must conform to the principles of least privilege.
Which solution meets these requirements?

  • A. Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint. Associate the security group with the endpoint.
  • B. Create an AWS Site-to-Site VPN connection between the third-party SaaS application and the company VPC. Configure network ACLs to limit access across the VPN tunnels.
  • C. Create a VPC peering connection between the third-party SaaS application and the company VPUpdate route tables by adding the needed routes for the peering connection.
  • D. Create an AWS PrivateLink endpoint service. Ask the third-party SaaS provider to create an interface VPC endpoint for this endpoint service. Grant permissions for the endpoint service to the specific account of the third-party SaaS provider.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by robertohyena at Dec. 11, 2022, 1:54 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Raj40
Highly Voted 2 years, 7 months ago
Selected Answer: A
https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-saas.html
upvoted 19 times
...
masetromain
Highly Voted 2 years, 7 months ago
Selected Answer: A
I go with A
upvoted 8 times
masetromain
2 years, 6 months ago
A. Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint. Associate the security group with the endpoint. This solution uses AWS PrivateLink, which creates a secure and private connection between the company's VPC and the third-party SaaS application VPC, without the traffic traversing the internet. The use of a security group and limiting access to the endpoint service conforms to the principle of least privilege.
upvoted 11 times
...
...
princajen
Most Recent 1 week, 6 days ago
Selected Answer: A
Use AWS PrivateLink to connect securely and privately to the SaaS app without traversing the internet -- with fine-grained security group control to maintain least privilege.
upvoted 1 times
...
2aldous
10 months ago
Selected Answer: A
Access Saas products throgh AWS Private Link is the answer.
upvoted 1 times
...
SkyZeroZx
10 months ago
Selected Answer: A
Create an AWS PrivateLink interface VPC endpoint.
upvoted 1 times
...
NikkyDicky
10 months ago
Selected Answer: A
it s a
upvoted 1 times
...
cattle_rei
10 months ago
Selected Answer: A
It's A because in this scenario we are consuming a service , not providing one, so that eliminates E .
upvoted 1 times
...
shaaam80
10 months ago
Selected Answer: A
Answer - A. VPC Interface end point to access any service privately without traversing the internet. AWS Private Link VPC endpoint to access the SaaS application.
upvoted 1 times
...
atirado
10 months ago
Selected Answer: A
Option A - The interface VPC Endpoint will provide local access to the SaaS service from within the company's VPC. Moreover, traffic to and access from the SaaS VPC will traverse the AWS network rather than the internet. This is considered private traffic. Option B - This option might not work: Nothing is said about whether the CIDR blocks in each VPC overlap. Moreover, nothing is said about whether bandwidth limitations on Site-Site VPN could be an issue. Option C - This option might not work: Nothing is said about whether the CIDR blocks in each VPC overlap. Option D - This option will not work: A PrivateLink Endpoint service is used for facilitating access to AWS services.
upvoted 3 times
...
gofavad926
10 months ago
Selected Answer: A
A, the service provider creates an endpoint service and grants their customers access to the endpoint service. As the service consumer, you create an interface VPC endpoint, which establishes connections between one or more subnets in your VPC and the endpoint service.
upvoted 1 times
...
amministrazione
10 months, 3 weeks ago
A. Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint. Associate the security group with the endpoint.
upvoted 1 times
...
severlight
1 year, 8 months ago
Selected Answer: A
obvious
upvoted 1 times
...
senthilsekaran
1 year, 8 months ago
Correct Answer : A
upvoted 1 times
...
task_7
1 year, 10 months ago
Selected Answer: D
A VS D A. Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. D. Create an AWS PrivateLink endpoint service. Ask the third-party SaaS provider to create an interface VPC endpoint for this endpoint service D is right SaaS provider has create interface VPC endpoint for this endpoint service
upvoted 4 times
_Jassybanga_
1 year, 5 months ago
exactly , we need to access the resource from SAAS Provider and not vice versa , Hence in this case the VPC Gateway endpoint should be provided from SAAS Provider for the privatelink endpoint we provide it to them - we use this for Snowflake Saas :)
upvoted 1 times
...
...
whenthan
1 year, 11 months ago
Selected Answer: A
https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-saas.html https://aws.amazon.com/blogs/apn/enabling-new-saas-strategies-with-aws-privatelink/
upvoted 1 times
...
mfsec
2 years, 3 months ago
Selected Answer: A
Create an AWS PrivateLink interface VPC endpoint.
upvoted 1 times
...
kiran15789
2 years, 4 months ago
Selected Answer: A
https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-saas.html
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel